Adding Web Sites that Support SSL Traffic

Created at:
Avatar
Updated
  1. Log in to your my.incapsula.com account.

    Note: If you have already added a site to your Incapsula account and want to add an additional site, go to the Management Console Websites page and click Add Site.

  2. In the Add a website field, enter the full domain name (including the subdomain prefix, such as www) of your site. For example, www.yourdomain.com.
  3. Click + Add Website. The following is displayed, showing information automatically collected by Incapsula about your site:

Incapsula will automatically identify when websites that support SSL traffic (HTTPS) are added to the service.

Note: If SSL support was not detected, you can contact support for further assistance.

 

Step 2: Configure SSL support for secure sites

Click the Continue button. The following is displayed, illustrating how SSL protection works throughout the chain of communication to your site.

Incapsula acts as an HTTPS proxy and terminates connections in front of the end users. For this reason, a second SSL certificate (or actually multiple copies of the same certificate) needs to be installed on the Incapsula proxy servers, in addition to the one already installed on the origin servers. This certificate is the one that is visible to the end users.

There are two alternatives for installing SSL certificates on the Incapsula proxy servers:

  1. The default method is having Incapsula generate a new certificate for the domain. The Certificate Authorities that generate these certificates for Incapsula are required to validate the customer’s ownership of the domain, a process which usually takes just a few minutes.
  2. An alternative method involves uploading a custom certificate. Since this certificate only serves SNI-supporting clients, most customers are also usually required to generate an Incapsula certificate for the site (which is used for all non SNI-supporting clients).

Note: At any stage during the registration procedure, you can click the I don’t want SSL button. If you choose this option, Incapsula will not generate a certificate for this site. It is possible at a later stage to configure a certificate for the site directly from the site settings. In such a case new DNS instructions will be provided and DNS records will have to be configured accordingly.

Request an Incapsula Certificate

  1. Click the Let’s start button. The following is displayed:

  2. The Certificate Authority is required to validate ownership of the domain using one of the following methods:

  • Issuing A New SSL Certificate for Your Website:

After website ownership has been validated, Incapsula starts the process of issuing a new SSL certificate for the site.

The process is typically completed after a few minutes. A message pops up indicating that the certificate was issued successfully (you do not have to remain in this window).

 
Note:

While waiting for the certificate to be issued, the site continues to be available as it was previously. Traffic is not yet being diverted through Incapsula. After the certificate is ready, you will receive DNS instructions for onboarding Incapsula.

If, for any reason, the issuing of this new SSL certificate is not completed promptly, a message is displayed and you will receive an email notification when the certificate is issued.

 

Upload a custom certificate:

(Optional) To upload a custom certificate, complete the process described above to request an Incapsula Certificate, and then follow the instructions on Upload a Custom Certificate for Your Website on Incapsula.

 
 

Incapsula SSL Support - Frequently Asked Question

Q: Do I need to purchase SSL certificate, when onboarding Incapsula?
A: Absolutely not. We provide the certificate at no extra cost.

Q: Do I need to surrender my Private Key to Incapsula?
A: No.

Q: What port do you use for SSL traffic and can I use another port?
A: The default SSL port is 443 and yes, Enterprise customers may use custom ports but you’ll need to contact our support.

Q: I didn’t receive the verification e-mail.
A: Check your “Spam” folder and if it’s not there, contact our support for further assistance.

Q: I have an EV certificate and I want to keep using it, what can I do? 
A: Incapsula’s Enterprise and Business Plus plans fully supports EV certificate.

Q: How do I add SSL support, if I didn’t have SSL when I first activated Incapsula?
A: Even after the initial site’s setup we will continue to monitor your SSL support so the system should detect this automatically. When this happens, new SSL controls will auto-appear in you ‘Settings’ screen and you can use them to add your new certificate. Also, you can always contact our support and we will be glad to help out.

 

 

 

Was this article helpful?
13 out of 13 found this helpful
Have more questions? Submit a request

Comments

  • Avatar
    Martin

    Here you say "Within 24 hours from adding the web site you will receive an e-mail from GlobalSign" whereas on Certificat status it is mentioned "Validation email will be sent to x@x in a few minutes". There's quite a gap between a few minutes and 1440 :)

  • Avatar
    Amit

    Need help on configuring SSL based domain. While adding the domain, it is not detecting the HTTPS protocol.
    Also, post adding the domain, we checked manually and not able to detect the SSL and getting the error as "An unclassified error is preventing us from detecting SSL on "www.hdfcbankallmiles.com"

    Edited by Amit
  • Avatar
    Farhan

    Getting the same "An unclassified error is preventing us from detecting SSL" error during SSL detection.

    It gets better though. If SSL is actually detected there are multiple issue with cert configuration.

    The cert issuance during initial site configuration barely works. Broken for two of our sites right now.

    The cert configuration after initial site configuration does not provide the DNS TXT record verification method. It only provides the email based verification which, again, is more than intermittently broken.

Powered by Zendesk